28 matches found
Security Bulletin: Race Condition in Eclipse Jersey (Versions 2.45, 3.0.16, 3.1.9) May Bypass Critical SSL Configurations and Compromise Secure Connections, affects watsonx.data
Summary In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2025.
Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-8869 DESCRIPTION: When extracting a tar archive pip may not check symbolic lin...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to bypass of Trust Restrictions due to Eclipse Jersey
Summary A race condition in Eclipse Jersey can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. IBM Sterling Secure Proxy has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: I...
Oracle WebLogic Server (January 2026 CPU)
The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of WebLogic Server installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component:...
Security Bulletin: Vulnerabilities in Eclipse Jersey might affect IBM Storage Defender Copy Data Management
Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Eclipse Jersey. Vulnerability include a race condition can cause ignoring of critical SSL configurations which could lead to unauthorized trust in insecure servers as described by the CVEs in the "Vulnerabilit...
CVE-2025-12383
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
EUVD-2025-198046
Eclipse Jersey has a Race Condition...
Eclipse Jersey has a Race Condition
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
GHSA-7P63-W6X9-6GR7 Eclipse Jersey has a Race Condition
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
CVE-2025-12383
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
CVE-2025-12383
CVE-2025-12383 is a race-condition vulnerability in Eclipse Jersey that can cause ignoring of critical SSL configurations (e.g., mutual authentication, custom key/trust stores), potentially enabling unauthorized trust in insecure servers. Affected assets in the provided IBM context include IBM St...
CVE-2025-12383 Race Condition allows Bypass of Trust Restrictions
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
CVE-2025-12383 Race Condition allows Bypass of Trust Restrictions
In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication, custom key/trust stores, and other security settings. This issue may result in SSLHandshakeException under normal circumstances, but under certain...
PT-2025-47323
Name of the Vulnerable Software and Affected Versions Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 Description A race condition in Eclipse Jersey’s SSL configuration processing can lead to the ignoring of critical SSL configurations, including mutual authentication and custom key/trust stores. Thi...
Eclipse Jersey 竞争条件问题漏洞
Eclipse Jersey is a Java Web services development framework from the Eclipse Foundation. A Competitive Conditions Issue vulnerability exists in Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9, which stems from a competitive condition that could lead to the omission of critical SSL configurations,...
EUVD-2021-0808
Malware in sbrugna...
Security Bulletin: Common vulnerabilities fixed in Cloudera Data Platform 7.1.9 HF2
Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2023-41080 DESCRIPTION: Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in...
The vulnerability of the Eclipse Jersey framework, related to the creation of temporary files with insecure permissions, allows a perpetrator to disclose protected information.
The vulnerability of the Eclipse Jersey framework lies in the creation of temporary files with insecure permissions. Exploiting this vulnerability can allow an attacker to disclose protected information...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure vulnerability due to org.glassfish.jersey.core_jersey-common (CVE-2021-28168)
Summary IBM Sterling Partner Engagement Manager has addressed vulnerability mentioned in CVE by updating to latest versions of libraries. Vulnerability Details CVEID:CVE-2021-28168 DESCRIPTION: Eclipse Jersey could allow a local attacker to obtain sensitive information, caused by use of the...
CVE-2021-28168
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are...